Cyber Scams Target Motorists with Fake Traffic Violation Notices
Severity: Medium (Score: 51.9)
Sources: Themorning.Lk, Island.Lk
Published: · Updated:
Keywords: police, cyber, motorists, claiming, traffic, violations, name
Severity indicators: ot
Summary
Sri Lanka's CERT issued a warning about a cyber scam targeting motorists through fraudulent SMS and WhatsApp messages. These messages falsely claim that traffic violations have been detected via CCTV, misleading recipients into providing personal and financial information. The scammers impersonate the Sri Lanka Police and direct victims to a fake website resembling the official GovPay platform, where they are instructed to pay fines. This scam poses a significant risk of identity theft and financial loss. The public is advised to avoid clicking on suspicious links, verify website authenticity, and report any suspicious messages. The police are also investigating a separate cyber extortion scheme using the name of the Inspector General of Police. Both scams highlight the growing threat of cyber fraud in Sri Lanka. Key Points: • Sri Lanka CERT warns of a scam targeting motorists with fake traffic violation messages. • Scammers impersonate the police and direct victims to a fraudulent payment website. • Public advised to verify messages and report suspicious activity to authorities.
Detailed Analysis
**Impact** Motorists in Sri Lanka are targeted by a cyber scam involving fraudulent SMS and WhatsApp messages claiming traffic violations detected via CCTV. The scam risks exposing sensitive personal and financial data, including credit/debit card details, OTP codes, and National Identity Card information. The impersonation of official Sri Lanka Police notifications and fake payment websites affects the general public nationwide, potentially leading to financial loss and identity theft. Additionally, the Sri Lanka Police face reputational damage from extortion emails misusing the Inspector General of Police’s name. **Technical Details** Attackers use SMS and WhatsApp messages with fraudulent phone numbers and malicious links directing victims to counterfeit websites mimicking the official “GovPay” platform. The scam employs social engineering to deceive recipients into submitting payment and personal data. No malware, CVEs, or specific tools are mentioned. The extortion campaign involves forged signatures and impersonation in email communications. No detailed infrastructure or IOCs are provided. **Recommended Response** Users should avoid clicking on suspicious links received via SMS or WhatsApp and verify website authenticity before making payments. Organizations should educate the public to never share OTPs or personal information with unknown parties and report suspicious messages to Sri Lanka CERT or Police. Police and cybersecurity teams should monitor for impersonation attempts and extortion emails, blocking fraudulent domains and phone numbers as identified. No patching or malware detection specifics are available.
Source articles (2)
- Cyber fraud alert: Police investigate misuse of IGP's name in extortion emails — Themorning.Lk · 2026-05-28
Sri Lanka Police have launched an investigation into a cyber-threat and extortion email network operating under the name of the Inspector General of Police. Police stated that forged signatures and im… - Beware cyber scammers now target motorists claiming traffic violations — Island.Lk · 2026-05-29
Sri Lanka’s cybersecurity organisation (CERT) yesterday warned the public of an ongoing cyber scam targeting motorists through fraudulent SMS and WhatsApp messages claiming that traffic violations had…
Timeline
- 2026-05-28 — Sri Lanka CERT issues scam warning: CERT alerts public about fraudulent SMS and WhatsApp messages claiming traffic violations detected by CCTV.
- 2026-05-28 — Police investigate extortion emails: Sri Lanka Police launched an investigation into emails misusing the IGP's name for extortion.